GENERAL POINTS
As an agricultural software publisher, SMAG has made respect for the privacy of its clients and users a real priority. This privacy policy presents an outline of SMAG’s compliance with (EU) regulation 2016/679 on the protection of personal data (hereinafter “the Regulation”) and with French Data Protection Act no. 78-17 of 6 January 1978 as amended (hereinafter “the Data Protection Act”).
The provisions below apply to software and mobile applications published by SMAG, as well as to related services.
The personal data processing carried out by SMAG is intended to comply with European and French data protection legislation. It takes place within a context of transparency, security and control of data by users.
This policy aims to set out the different categories of personal data that we collect, and to present in a simple way how we use and protect them and the legal bases on which we rely to justify their processing, as well as the rights that you have over your personal data.
Please take whatever time you need to read this information.
LEGAL STATUS
In its business as a software publisher, SMAG is considered to be a data processor pursuant to the Regulation. In this respect, SMAG processes the personal data of the users of its solutions on behalf of the organisation to which they are attached (agricultural cooperative, trader, management centre, etc.). From this perspective, the organisation to which our users are attached acts as the data controller in that it determines the means and purposes of processing their personal data.
However, SMAG also acts as data controller when we process the data of users of our solutions with a view to improving our Products and/or Services, or for statistical purposes. Based on your prior consent, we also process your contact data in order to send you information, news or promotions on our Products and/or Services.
In general, SMAG undertakes to ensure that your personal data are:
- Processed in a lawful, fair and transparent manner.
- Collected for defined, explicit and legitimate purposes.
- Appropriate, relevant and limited to what is necessary for the purposes for which they have been collected in application of the principle of data minimisation.
- Accurate and up to date. If your personal data are inaccurate, you are invited to inform us so that this can be rectified.
- Stored in a form enabling your identification for a duration not exceeding that strictly necessary for the purposes for which your data were initially collected.
- Processed in a way that guarantees adequate security of your personal data against destruction, loss, alteration or unauthorised access.
What personal data do we collect?
We process the following personal data of our users: last name and first name, email address, postal address, telephone number, date of birth, SIRET number for agricultural holdings, localisation data, and any other information with which you provide us when you contact customer service.
If you visit our website or use our digital services (including on a mobile phone) we are also likely to collect the following data: IP address or any other identifier relating to the device, type and version of the browser plug-ins, operating system and platform used
When do we collect your personal data?
Your personal data may be collected at various times, and in particular when:
- You sign up, create an account and use our Products and/or Services.
- You contact our customer service or call upon our technical assistance support.
- You contact us or when you participate in surveys, competitions or promotions.
- You visit our website insofar as this uses cookies. To find out more about how we use them and the means you have to manage these cookies, please refer to our SMAG cookies policy on the www.smag.tech website.
Why do we process your personal data?
1 – To give you access to our Products and/or Services
Firstly, your personal data are processed when you sign up and when you use our Products and/or Services.
SMAG may need to collect information about you in order to provide you with assistance when you use our solutions. After having informed you, the work that we carry out may be recorded in order to improve our Services.
When you call upon SMAG support services (assistance, billing, etc.), your personal data may also be subject to processing. This processing may be carried out by SMAG services or by the Service Providers called upon in this context.
As an example, as part of our customer service, we may process your personal data to communicate with you about our Products and/or Services, measure your satisfaction, or in response to a request from you.
As a user of our solutions, you are informed that only the tools provided by SMAG are accepted to provide assistance support on our Products and/or Services.
2 – For administrative, organisational and internal purposes
We may also process your personal data for internal purposes, in particular to improve our Products and/or Services, our website, or for statistical purposes with regard to identifying trends in the use of our solutions.
For example, we may use your data to monitor use of our software and our website in order to ensure that we present them as effectively and as appropriately as possible in view of your needs, and the features and configuration of your devices.
3 – For security reasons and legal reasons
Where applicable, we may process our users’ personal data to manage and protect our business, to resolve disputes or to prevent potentially prohibited or illegal activities, or to meet our legal obligations.
4 – For communication and marketing campaigns
In compliance with the rules in effect relating to commercial prospection, we may process your personal data to inform you of news and special offers on our products.
However we process your personal data, we systematically ensure that we comply with the appropriate legal basis in accordance with the provisions of Article 6 of the Regulation.
What are your rights?
As a user of SMAG solutions, you are in charge of your data and therefore have a number of rights over their management. You can approach us in order to exercise your:
- Right of access
You can ask us for confirmation that we are processing your personal data and ask us for a copy of them. - Right of rectification
You can ask us to rectify or alter personal data that are no longer up to date or inaccurate. - Right of erasure
You can ask us to erase your personal data, in particular if they are inaccurate, incomplete, ambiguous or out of date. - Right to object
You are free to withdraw your consent at any time so as to no longer receive information from us. - Right to portability
You can ask us to provide you with your personal data, in a structured and machine-readable format, or ask another data controller to provide us with your data. - Right to set out instructions on what happens to your data after your death
You can set out, during your lifetime, instructions relating to the storage, erasure and disclosure of your personal data after your death. These instructions may be modified or revoked at any time. If you have not given any instructions, your data will be erased within the legal time limits. Your heirs may exercise rights over your data and, in particular, request their erasure.
If you wish to exercise one of your rights in accordance with the data protection regulations, please send your request to the following address:
SMAG SAS
Pépinière Technologique du Mont Bernard
18 rue Dom Pierre Pérignon
51000 Châlons-en-Champagne
FRANCE
You can also contact our data controller at this address: dpo@smag.tech.
If you identify a breach of your personal data, without prejudice to any other administrative or legal action, you can make a complaint to the supervisory authority of the Member State in which you have your main residence, of your place of work or of the place where the breach of your personal data was committed. Please consult the website of the French Data Protection Agency (CNIL) to obtain further information on your rights of recourse and the required procedure.
Commission nationale de l’informatique et des libertés (CNIL)
3 Place de Fontenoy – TSA 80715
75334 PARIS CEDEX 07
Who is likely to access your personal data?
1. Data recipients
Data collected through the intermediary of the Products and/or Services published by SMAG SAS (including its website) may be disclosed to the authorised personnel of SMAG, to its IT, technical and institutional partners, or to the sub-contractors it uses to carry out all or part of the services set out above. Any data recipient must comply with the regulatory requirements and our contractual provisions on personal data protection, and factually demonstrate a high level of data protection.
We will never transfer your personal data to unauthorised third parties or those which do not meet the requirements stipulated by the Regulations in effect.
2. Transfer of data outside the European Union
Some of the data recipients mentioned above may be situated outside the European Union and to have access to all or part of the personal information that we process for the purposes of performing the contract entered into with our client.
In this case, when your personal data are processed by a data recipient situated outside the European Union and the European Economic Area, and whose country is not considered to provide an adequate level of protection pursuant to Article 45 of the Regulation, we undertake to guarantee the protection of your personal data in accordance with the strictest rules through the signature, on a case by case basis, of contractual clauses based on the model of the European Commission, or any other mechanism that complies with the Regulation.
For how long are your data stored?
We undertake to comply with the provisions in effect on the period for which personal data can be stored. The personal data of users of our Products and/or Services are not stored for a period exceeding that strictly necessary for the purposes for which they were initially collected.
However, your user data may be used subsequently in an anonymised way by SMAG.
Security of your personal data
We implement appropriate technical and organisational measures regarding technology with a view to protecting the security, integrity and confidentiality of our users’ data in order to prevent damage, erasure or unauthorised access by third parties.
Furthermore, our projects are carried out in compliance with Privacy by Design, and within our solutions we implement measures guaranteeing compliance with the rules on Privacy by Default.
Right to modify
We reserve the right, to modify this Privacy Policy at any time. Consequently, we invite you to check our “Privacy Policy” regularly.